But access to \/home\/david<\/b> was denied.<\/p>\n\n\n\n
Upon enumeration, I found the the nostromo config file<\/p>\n\n\n\nI took the hash to hash identifier and the hash was identified as md5<\/p>\n\n\n\nThe password cracked to be Nowonly4me<\/b>, but there was unsuccessful ssh login or su david<\/p>\n\n\n\n
So I reverted back to the conf file I was looking at and found something interesting. There is a directory public_www<\/b>, accessible by the current user.<\/p>\n\n\n\nAfter traversing through the directories, I found the ssh backup file that had read permission.<\/p>\n\n\n\nSo i transferred the file to my local machine using nc<\/p>\n\n\n\nAfter extracting the .txz, we got the .ssh files of the user david<\/p>\n\n\n\nI tried to ssh to david, but the id_rsa was encrypted with a passphrase. So now the id_rsa passphrase will be cracked using ssh2john<\/p>\n\n\n\nNow with the obtained password, login in with david user as follows and grep the user.txt<\/p>\n\n\n\nAfter getting the user level access, I found a bin directory present. I listed its contents using cat<\/p>\n\n\n\nJournalctl service was running with sudo privileges so I can edit the server-stats.sh<\/b> to get to root.<\/p>\n\n\n\nIn either way, just copy the last command uptil the pipe and type !\/bin\/bash . This can be used to access the files system with elevated privileges. In a nutshell, we are now root.<\/p>\n\n\n\nThats all for the blog post. Thanks for reading.<\/p>\n\n\n\n
Unitl then, Happy Hacking!!<\/p>\n","protected":false},"excerpt":{"rendered":"
Hello all! This is Shreya Pohekar. Today we\u2019ll be doing traverxec from hack the box. This box recently retired and is available for free in the retired machines section. So if you got stuck somewhere while the machine was active, follow the walkthrough and submit the flags. The machine is an easy Linux box that […]<\/p>\n","protected":false},"author":1,"featured_media":29,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[19,2],"tags":[26,33,35,34,36],"class_list":["post-26","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackthebox","category-information-security","tag-hackthebox","tag-journalctl-exploit","tag-nostromo","tag-nostromo-1-9-6","tag-traverxec-walkthrough","entry","has-media"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/posts\/26"}],"collection":[{"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":4,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":112,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/posts\/26\/revisions\/112"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/media\/29"}],"wp:attachment":[{"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shreyapohekar.com\/blogs\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"\/](\"https:\/\/lh3.googleusercontent.com\/zrvnrIAuO1oVz4ckv6CKjOAkXLOZ8G_fSZLS3sDdBgUon6UmrUXvq3Avr4HhFBIn9B3Zu-_NPcnAFHk05VHd_q0RHhS2cto0xtuE0GSsTr4eNrnmFQZ82kT5q7naJXn8Cy80-yjl\")
<\/figure>\n\n\n\n<\/figure>\n\n\n\n
![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/PaRyu8E422I6Jv9JGPVWuspMnj3Zvo5shbO-RRt5TRCkiLa8cfkuKj-QK4Kgqu-uoIYd5wXusV0McFCs1psIyfr9xE9iFB1LDcmZI6CwYmU359Urjnj35KeVvB1X0yiMwQEbGzMP\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh6.googleusercontent.com\/Nr4DYkLtWLYSKQRUjDQ5ywPa1sOVbhA42lFyMwx-F4gfxFA2aUDcSCZFTQzPL7ScAOPzIMx8TtKf-rUg45Z8jRc9vACYhG4DoChnh1TCs4R2K5wDdq0UOKmAWGucOVOKtAFOirCn\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh3.googleusercontent.com\/92p37PBH-BuCK6hyTxiWg_H73lNAjmF2WSpHSCtKLvWvy47gTiB3J8RJLBidwooVUETqN0Po5vEl90iuNFeFSP5dbvWeBZLYRR2NunjoiyC52Vx3DMLUTIOOiL_DEbJ4fWojwPx7\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh4.googleusercontent.com\/2SLfEF5V963FklWQbv8dFXllQVBca4HQ-HSR65oxTJfdHxnUcHApALNHq5izvLbfUyOz0_30AXLnk9vI4m0sS8TN94cAhWBnFvxOwIGURwQhJbc7OD9AemBlAdGTDZnedmAhY7Gm\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh4.googleusercontent.com\/LjbmKZ7-ZiAE3ROhjJsokiF6mZvnwvaBjRwL77yjjXG57SZc5f9mPHzH76mUY3S5bQ-YEUUptfQNV3PY2WKR5iR4EhB6vDFDBFKECSwEbO3b-uFiWsk8gBUkKlf4THWL5p0v1Bw2\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/Y3giWLszvt__Ohy1Vknss4hfUn91hMud0Gn3jBkI_XePLSJkxSPJGRZIlf1XEprnJqWH7R-gBRIXKDpR1fh8_8ycp9QxUGUUjOjz4N-MGswLsMJI44zKND7OqNeJtYNCNDWRi0SO\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/K01qyLeRid389bR-G5w6zDYNL8zYOsS7ynoAFPpVa_-wGg1GObtwun9K3Sgr5h6rLW1RkfkWAex5_RUqFOEu00ZYMFcOELXknrgcn2OQ_z7YfrnQraYqk-0_mrv8L6XTrrldk_Uy\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh3.googleusercontent.com\/vKsdTAyajbkt031CZoOb4MHczgLM_IM_9SJhcCa9dmock--4luQncrM5UCcopY57ca5MuPGiOIP08xh1aFUH5iUe7OEWpV29l1FohykXT90Lu0GlYuffoanSDhy3ST-Ohb7AheUk\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh4.googleusercontent.com\/oSoGRZADI90cDIDqzwvnPphX19Mrm9dR2BjmGgS6ARUy6svElWLn0TPapxBPW3HH8ILHEBOt4noWnk3I6Lu8q892x1U9_kkagzL4_coKVKI5EecVlMOD_7kZwfLTh1FVzFw3rEHv\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/VAMc-qveXvfC5MzzgETSrWH7Dyaexo2SFt_yGpxDIuRi_0pjtyiSmcXL-u5vpwKwzFH9GY4bgX0VSWm9sB2TNAZ65d8_DEE-iPKTvhBVPKebgaigbmTujxwXnua3drL30VcD8M8M\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh4.googleusercontent.com\/-yPxZnIxpuLZPthhEQ0t5XyC2oo-MUdIa8lmYiQUJr-i51BpqcBuIIR6SC0b9Y3jH3KDCVA6WKzj_Uu-nITphtqjoKaIkZWZuqg3LkqHiRfQTvly8dxWI6cGv0vKAfF9y6agZJbC\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/GablH9fDRTTCG0q90WhkJ1ev6nXsHIIBGMo_1XPPMZBi-yiLRilHJhqHa6SQ0FtLBpCqqnqpmpcE8ZX6XkAK4JUpTDOijtk543NBSQJBeodHuAt4r5yYLBIiGkMeIla5yTo7ySBo\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh6.googleusercontent.com\/gGPVYJZrMymCy3nvIb_Tm-U4Job3MHgolYwLG5IYqNwKQne4ijnNYbNWaCa2iBbwr_XSb5P_YaljluraFaZ4RjIvz8TNGVaPDqTSCYly5e1aAfyvfRrP5VbecJzcfUHXj1Jn5SCN\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh5.googleusercontent.com\/mk-V0YNh38BI9araHMHJuTdnHJKt2zsSu7qznsJMc19GMFPZRtsHoGZB5FRO4F8IvrtlyhW9MqXunTSPeiId4s_DR-St5HI3wUimVowI8xfb_V27MASU28x0Mav6ZrqLYPwkHtfY\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/lh4.googleusercontent.com\/qwekqQiZqCvBlVh5IQdQENkM8QuWOWq52oMbD49Ra7f4MQlQOW5_RebhajO0Tbst5wnnxZJn8xLv5ho0FJHN9lIiwm2-7dbzNEFb8fbj3Ipdmi9i2HW65xF9nsvifnzN4ZGvE3ML\")
<\/figure>\n\n\n\n